A phishing campaign impersonating One Nevada Credit Union targets members via SMS and email, aiming to harvest login credentials, security answers, and sensitive personal information like SSNs through a cloned, fraudulent portal. Attackers exploit regional brand trust to create urgency around “security verification,” targeting the legitimate onenevada.org domain with sophisticated lookalike URLs. To protect against this fraud, users should rely only on the official One Nevada app, avoid clicking links in unsolicited messages, and verify any alerts directly through official, trusted channels.
Target: Members of One Nevada Credit Union (USA)
Threat Level: High (MFA Bypass & Full Account Takeover)
Phishing Method Description
This attack targets the Digital Banking users of One Nevada Credit Union. Scammers use a Security Alert pretext, sending out Smishing (SMS) or Phishing Emails claiming that an “Unauthorized Device” has logged into the account or that a “MFA Security Update” is mandatory.
The link leads to a high-fidelity clone of the One Nevada online banking portal. The phishing kit is specifically designed to harvest:
Username / Member Number
Password
Multi-Factor Authentication (MFA) Codes: The fake site prompts the victim to enter the SMS or Email code in real-time. The attacker immediately uses this code on the real banking site to gain full access.
Personal Identity Info: Social Security Number (SSN) fragments and phone numbers for identity verification.
⚠️ Red Flags to Watch For
Deceptive Domain: The official domain is onenevada.org. Phishing sites use lookalikes such as onenevada-verify.net, secure-onenevada.com, or onenevada-login.online. Note that credit unions almost always use .org extensions.
Urgency & Pressure: Language like “Your access will be restricted” or “Unauthorized transfer detected” is used to bypass the victim’s critical thinking.
Requests for MFA during Login: If a site asks for an MFA code immediately after you enter your password on an unfamiliar page, it’s a sign of a real-time interception attack.
🛡️ How to Protect Yourself
Use the Mobile App: Always perform your banking through the official One Nevada Mobile Banking app. Secure alerts will be delivered inside the app’s secure mailbox.
The “No Link” Rule: One Nevada Credit Union will never send you a text message or email containing a link to a login page asking for your credentials. Always type the address manually into your browser.
Verify the SMS Source: Official alerts come from short codes. If you receive a banking alert from a standard 10-digit mobile number, treat it as a scam.
Immediate Action: If you have entered information on a suspicious page, call the official Member Services at (702) 457-1000 or (800) 388-3000 immediately to lock your account.
💡 Expert Security Tip:
This is a Real-Time MFA Proxy Attack. The scammers are acting as a “middleman” between you and the bank. Your One-Time Passcode (OTP) is the final key to your money. Never enter a code on a website you reached via a link. If the bank sends you a code, read the text carefully—it often says “Do not share this code with anyone.”